By Will Sturgeon, 4 August 2006 15:55
NEWS
News that attendees at a US hacking conference have seen a demonstration of how to clone a digital passport has raised fresh concerns about the security of proposed new forms of ID and travel documents.
A hacker called Lukas Grunwald showed attendees at the Las Vegas Black Hat convention how to clone passports, using a German passport for his demonstration. However, standardisation across ePassports means the exploit would work on any other passport which uses RFID chip technology to store details of the individual - such as those now being issued in the UK or US - and was carried out using freely available technology.
According to security guru Bruce Schneier, Grunwald's job was made all the more easy by the publication of standards for ePassports on the website of the International Civil Aviation Organisation.
Simon Perry, VP security strategy at CA and a member of the European Network and Information Security Agency, told silicon.com that if people can crack the security on bank cards then it was inevitable, in time, they would find a way to do the same with passports.
The biggest problem, Schneier wrote on his blog, is that passports will have a shelf-life of 10 years, during which time the technology will not only become antiquated but will almost inevitably be overtaken in sophistication by the methods for cracking it.
Eyeing up ePassports?
Check out this photo story for pictures of the new look UK travel document.
Schneier wrote: "A passport has a 10-year lifetime. It's sheer folly to believe the passport security won't be hacked in that time."
The UK is currently in the process of rolling out ePassports which store biometric data about the holder on a chip.
Because CA's Perry said RFID chips can increasingly be read surreptitiously, often from distances far greater than the six inches which designers originally claimed, he suggested the security conscious might like to consider investing in a metal cigarette or cigar case large enough to hold their passport.
Comments
There are 8 comments. Join the discussion
1. Evan M
Doesn't say _what_ was cracked. If the information was read by a third party that's one thing (worrying enough, mind) if a bogus passport was produced that's another...
2. Richard
Cloning is the real risk:
So, when you leave your "chipped" passport with hotel management overnight, criminals could easily produce a cloned passport chip:
No need for skilled artistic forgers!
Using a cloned "chipped" passport will be easier because busy border guards will trust the new RFID technology and spend less time physically examining passports.
In any case, people have already reported that the digital photos in new "chipped" passports are fuzzy and less life-like, so are less useful for inspection by humans.
It's very hard to see how this expensive project actually improves security: It comes from the same daft group responsible for ID cards.
3. Fergus
I have just been issued with one. The photo is fuzzy, and I dont like the idea of my details being machine-readable and cloneable.
I want (and paid for) an old style passport!
4. Fergus
I have just been issued with one. The photo is fuzzy, and I dont like the idea of my details being machine-readable and cloneable.
I want (and paid for) an old style passport!
5. Johnny Mnemonic
Please explain what was "cracked". As far as I know, there's nothing in the chip that is not written on the passport, the ICAO data fields are not encrypted and the specification is freely available. The headline should be "Man reads specification: new e-passports works properly".
6. Johnny Mnemonic
" I dont like the idea of my details being machine-readable and cloneable.
I want (and paid for) an old style passport!"
The "old style" passport has been machine readable for years.
7. Martin Mace
Its interesting what people are saying about the photos in the new passports. Its true, I needed to renew mine before going to the states next month.
When I went to the machine at Tesco to get my photo done, I had a spotty face due to an allergy problem. These spots were clearly visible on the photos and I was dissapointed this would be in my passport for 10 years but had to get it sent off.
However, I've just received my new passport, with the chip in the back that looks like its been stuck in with sticky back plastic by a child. Guess what, the picture is fuzzy and you can't see my spotty face ! Fantastic !
8. Jack schmidt
This only goes to prove that the crooks will always be smarter than the goofs who run the country..... Who elected these idiots ??